Project Security Dashboard [ULTIMATE]
Introduced in GitLab Ultimate 11.1.
The Security Dashboard displays the latest security reports for your project. Use it to find and fix vulnerabilities affecting the default branch.
How it works
To benefit from the Security Dashboard, you must first configure the Security Reports.
The Security Dashboard will then list security vulnerabilities from the latest pipeline run on the default branch (e.g.,
You will also be able to interact with the reports the same way you can on a merge request.
Keeping the Security Dashboard updated
The Security Dashboard displays information from the results of the most recent security scan on the default branch. Security scans are performed every time the branch is updated.
If the default branch is updated infrequently, scans are run infrequently and the information on the Security Dashboard can become outdated as new vulnerabilities are discovered.
To ensure the information on the Security Dashboard is regularly updated, configure a scheduled pipeline to run a daily security scan. This will update the information displayed on the Security Dashboard regardless of how often the default branch is updated.
A daily security scan can be configured to execute only the jobs that relate to security. For more information on configuring security-related jobs, see:
- Static Application Security Testing and example.
- Dynamic Application Security Testing and example.
- Dependency Scanning and example.
- Container Scanning and example.
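One way to lay out a `.gitlab-ci.yml` so that the scheduled pipeline runs only the security job, while pushes to the default branch still run everything. This is an added example, not taken from the GitLab documentation; the job names and the `./ci/*.sh` scripts are hypothetical placeholders, and the scanner invocation itself should come from the guides listed above.

```yaml
# Added example: job names and ./ci/*.sh scripts are hypothetical placeholders.
# Assumes a pipeline schedule (project CI/CD > Schedules) that targets the
# default branch with a daily cron pattern such as "0 3 * * *".
stages:
  - build
  - test

# Non-security jobs: excluded whenever the pipeline is started by a schedule,
# so the daily run does not rebuild or retest the project.
build:
  stage: build
  script:
    - ./ci/build.sh
  except:
    - schedules

unit_tests:
  stage: test
  script:
    - ./ci/unit-tests.sh
  except:
    - schedules

# Security job: no only/except restriction, so it runs both when the branch
# is updated and in the daily scheduled pipeline. The report it uploads is
# what refreshes the Security Dashboard.
dependency_scanning:
  stage: test
  allow_failure: true
  script:
    # Placeholder for the scanner command from the Dependency Scanning guide;
    # it is assumed to write gl-dependency-scanning-report.json.
    - ./ci/dependency-scan.sh
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
```

If a scanner needs the output of an earlier job (for example, an image produced by `build` for Container Scanning), that earlier job must not be excluded from scheduled pipelines.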
Security scans using Auto DevOps
When using Auto DevOps, use special environment variables to configure daily security scans.